api-contract-sync-manager
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill ingests untrusted data from API specification files such as .yaml, .json, and .graphql. It lacks boundary markers or specific instructions to ignore malicious content within these files, creating a surface for indirect prompt injection where crafted spec content could influence agent actions.
  - Ingestion points: Specification files read via the Read tool.
  - Boundary markers: No delimiters or safety warnings are used when processing external file content.
  - Capability inventory: Includes RunTerminalCmd, Read, Grep, and Glob.
  - Sanitization: No sanitization is performed on specification field values before they are used in analysis reports or command contexts.
- [COMMAND_EXECUTION]: The skill uses RunTerminalCmd to execute validation and diffing tools. While the suggested tools are reputable, the invocation of shell commands using paths and metadata from the codebase represents a standard but notable security surface.
- [SAFE]: The suggested external dependencies are industry-standard tools from trusted organizations such as Stoplight and the GraphQL community, which minimizes the risk of malicious package inclusion.